MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f235e2dfc601b2484aff5de4d95a42106c4942afeb77805e29c6ae7f503e850. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 1f235e2dfc601b2484aff5de4d95a42106c4942afeb77805e29c6ae7f503e850
SHA3-384 hash: 8a16dce86fb9c0719de0356cb4357022887ad171f6002805d57a069c5db4c9e9b74f6120b2ed7582e4ee004f01624df4
SHA1 hash: b1391714b7f8a4f0626c8d06050d1ab9f866f9e4
MD5 hash: 42e6109ab9e270faf8927b280e399a8f
humanhash: vermont-high-fix-rugby
File name: URGENT REQUEST FOR QUOTE.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 09:15:22 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:E1YnFuTvqbki8sDImD6IHPPf5yj0J9PtfnSS/IrHgoNYADl+ih:zFuTy18PIHP35ew5td/zADd
TLSH: D44509E0F5F4403BE273CE708E31D5F801BA3E3D6609545B366C758A0B79A09E56962F
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: mail.huclangia.tk
Sending IP: 64.52.175.227
From: Paul Runyan <slim@huclangia.tk>
Subject: URGENT REQUEST FOR QUOTE
Attachment: URGENT REQUEST FOR QUOTE.img (contains "wire.exe")

GuLoader payload URL:
http://37.72.175.206/bin_QxtrNnsvE191.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:36:45 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader: img 1f235e2dfc601b2484aff5de4d95a42106c4942afeb77805e29c6ae7f503e850 (this sample)
  Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments